CVE-2009-0783

Exposure of Sensitive Information to an Unauthorized Actor in maven/org.apache.tomcat/tomcat

Identifiers

GHSA-hhjg-g8xq-hhr3, CVE-2009-0783

Package Slug

maven/org.apache.tomcat/tomcat

Vulnerability

Exposure of Sensitive Information to an Unauthorized Actor

Description

Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.

Affected Versions

All versions starting from 4.1.0 up to 4.1.39, all versions starting from 5.5.0 up to 5.5.27, all versions starting from 6.0.0 up to 6.0.18

Solution

Upgrade to version 6.0.20 or above.

Last Modified

2022-06-19
